1. Field of the Invention
The invention relates to a system for supporting security administration, a method of supporting security administration, a program for supporting security administration, a system for displaying information, and a method of displaying information, and more particularly to such a system, method and program for supporting establishment and operation of security in a network system.
2. Description of the Related Art
Recently, information systems making use of the Internet have come into broad use as infrastructure for companies' commercial activities. With such broad use of information systems, security systems have become important for preventing unauthorized access to such information systems and threats to information assets from viruses. In addition, various devices have been proposed for use in such information systems.
Companies making use of the Internet tend to establish their own security policy. Herein, security policy denotes a set of guidelines relating to security in an organization, in other words, a set of guidelines for avoiding various threats. Hereinbelow, each guideline about security is referred to as a rule. Thus, a security policy is expressed as a set of rules.
Security policy includes rules governing people's actions, such as rules for allowing a person to enter a server room or rules for handling a recording medium. Security policy also includes rules for establishing security in a system to be administered, that is, rules indicating how the contents of various security-related items are to be determined. A system administrator must establish security settings in accordance with the security policy, whose rules serve as guidance for the establishment of security.
A system administrator has to have expert knowledge in order to establish appropriate security for a network system and to run the network system safely and effectively. Even a system administrator who has such expert knowledge bears a remarkably heavy workload.
Thus, some attempts have been made to lighten the workload of a system administrator.
For instance, Japanese Patent Application Publication No. 2002-94509 has suggested a system in which a diagnosis policy and a supervision policy are made based on network structure definitions indicating the structure of a computer network, and diagnosis and supervision results are analyzed to output an analysis report. In accordance with the report, a system administrator analyzes the network structure again.
Japanese Patent Application Publication No. 2002-247033 has suggested a system which establishes security in accordance with a security policy for a network to be administered. In that Publication, a “rule” is expressed as a “policy”.
The suggested system includes an information security policy database, a security administration and supervision program database, a policy and security-set information mapping table, a security-set information database, and other databases. The information security policy database stores, in association with each policy, the action programs of the policy and the devices and software to which the policy is applied. The policy and security-set information mapping table lists the items to be included in a program to be administered and the set values recommended for those items. The security-set information database stores the set contents of each piece of software.
In the suggested system, a screen is displayed for a user (system administrator) to select the elemental parts (devices, software and programs) constituting an information system which the user has established or is going to establish, thereby prompting the user to select elemental parts. Once elemental parts have been selected, a set of policies applicable to the selected elemental parts is extracted from the information security policy database. The system displays the extracted set of policies and requests the user to select a policy among them. Once a policy has been selected, the system stores the security-set information associated with the selected policy in the security-set information database in light of the policy and security-set information mapping table. If a plurality of entries matches a set item, the system shows the set values stored in the security-set information database and prompts the user to select a set value.
A security operational system for following the latest security-hole information and security-patch information and appropriately operating a network system has been suggested in R. Sato & F. Tanemo, “A study on a Dynamic Reconfiguration System to Keep a Network in a Secure Condition”, IPSJ SIG Notes Vol. 2002, No. 12, Feb. 14 and 15, 2002, pp. 169-174. In the suggested system, when new information about either a security hole or a solution to a security hole is input into the system, the server hosts which will be affected by the new security hole are detected based on information about the devices constituting each server host. The system transmits information indicating a solution to the new security hole to the detected server hosts.
A system having the same functions as the above-mentioned system is suggested in F. Tanemo et al., “Managed Security System: A Mechanism that Diagnoses and Reconfigures Hosts Based on Vulnerability Alert”, NTT R&D Vol. 51, No. 9, 2002, pp. 737-747.
Japanese Patent Application Publication No. 2000-324104 has suggested a method of setting security policy including the steps of: identifying a policy-setting area by selecting, on a screen displaying a network map, a plurality of communication terminals constituting a virtual network to be constructed; selecting communication conditions from a security-policy information storing table that stores communication conditions including a cipher algorithm; retrieving communication paths on the network based on the identified setting area and the selected conditions; retrieving the network devices constituting each of the retrieved communication paths; and applying the selected communication conditions to each of the network devices.
Japanese Patent Application Publication No. 2000-157221 has suggested a system for finding solutions to security vulnerability points. In the suggested system, a host computer attacks a computer to be tested through a network to detect the security vulnerability points of the computer to be tested, and makes a file including a solution to the detected security vulnerability points. Then, the host computer applies the solution to the computer to be tested.
Japanese Patent Application Publication No. 2000-261839 has suggested a system for administering communication security. In the suggested system, inconsistency between security policies is detected without disclosing secret information about the different structures of the security policies, thereby preventing communication failures caused by differences in security policy.
A rule included in a security policy does not always designate the name of a hardware or software item included in the system to be administered together with the particular setting to be applied to it. Hence, it is difficult to know the correspondence between each rule in the security policy and the hardware or software to which the rule applies. As a result, a system administrator may set a security policy which is insufficient for, or excessive with respect to, the system to be administered. For instance, a system administrator may include in the security policy a rule irrelevant to any hardware or software in the system to be administered. Alternatively, a system administrator may forget to set a rule that should be applied to a hardware or software item. Alternatively, a system administrator may include in the security policy rules which contradict each other with respect to a common hardware or software item.
In particular, if a system administrator forgets to set a rule to be applied to a hardware or software item, that hardware or software might become a security hole. That is, even though a certain hardware or software item could provide security functions if properly set, it will operate in its default setting if the system administrator does not properly set a rule for accomplishing those security functions. As a result, the hardware or software cannot provide its security functions, and it turns into a security hole.
As mentioned above, even though a system administrator intends to properly accomplish the functions of a hardware or software item, if he/she forgets to set a rule, a security hole will result.
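As an added illustration (not part of the publication text), the three mismatch classes described above, a rule with no matching component, a component item left at its default because no rule sets it, and two rules that contradict each other on one item, can be checked mechanically once each rule is tagged with the component and item it applies to. The component names, item names and rule names below are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One security-policy rule: a setting item on a named component and its required value."""
    name: str
    component: str   # hardware/software item the rule applies to
    item: str        # configurable security item on that component
    value: str       # required set value


@dataclass(frozen=True)
class Component:
    """A hardware/software item of the administered system and its security-relevant items."""
    name: str
    security_items: frozenset  # items that stay at a default setting unless a rule sets them


def audit_policy(rules, components):
    """Return excess rules, missing (component, item) pairs and contradictory (component, item) pairs."""
    known = {c.name for c in components}
    # Excess: a rule naming a component that is not part of the administered system.
    excess = [r.name for r in rules if r.component not in known]
    # Missing: a security item of a real component that no rule sets (left at default).
    covered = {(r.component, r.item) for r in rules}
    missing = sorted((c.name, item) for c in components for item in c.security_items
                     if (c.name, item) not in covered)
    # Contradictory: two or more rules demand different values for the same item.
    values = defaultdict(set)
    for r in rules:
        values[(r.component, r.item)].add(r.value)
    contradictory = sorted(key for key, vals in values.items() if len(vals) > 1)
    return {"excess": excess, "missing": missing, "contradictory": contradictory}


# Constructed sample data for the example (hypothetical components and rules).
SAMPLE_COMPONENTS = [
    Component("edge-firewall", frozenset({"default_policy", "admin_access"})),
    Component("web-server", frozenset({"tls_version", "directory_listing"})),
]
SAMPLE_RULES = [
    Rule("R1", "edge-firewall", "default_policy", "deny"),
    Rule("R2", "edge-firewall", "default_policy", "allow"),  # contradicts R1
    Rule("R3", "web-server", "tls_version", "1.2+"),
    Rule("R4", "mail-relay", "open_relay", "off"),           # no such component: excess
    # nothing sets edge-firewall admin_access or web-server directory_listing: missing
]

if __name__ == "__main__":
    for kind, findings in audit_policy(SAMPLE_RULES, SAMPLE_COMPONENTS).items():
        print(kind, findings)
```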
The system suggested in the above-mentioned Japanese Patent Application Publication No. 2002-94509 makes a diagnosis policy and a supervision policy, and carries out security diagnosis and security supervision to support a system administrator. However, it does not establish the correspondence between each rule included in the security policy and the hardware or software to which the rule applies.
The system suggested in the above-mentioned Japanese Patent Application Publication No. 2002-247033 displays a set of policies (rules) applicable to devices selected by a system administrator, and prompts the system administrator to select a security policy. However, the system is accompanied by the problem that a system administrator may set a security policy which is insufficient for, or excessive with respect to, the system to be administered. That is, when a plurality of values is set for a single item, the system displays the values and prompts the system administrator to select one of them. However, the system may fail to set a necessary value. In addition, the system does not consider the topology of the system to be administered.
As mentioned earlier, a rule included in a security policy does not always indicate the content of a hardware or software setting. Accordingly, a system administrator has had to identify the content of each set item in accordance with the security policy, and properly set each hardware and software item. In addition, the commands for properly setting each hardware and software item differ from one another, which places a burden on a system administrator when he/she configures each of them.
If a system administrator receives information relating to a new security hole while he/she is operating a network system, the system administrator has to remove the security hole. In the systems suggested in the above-mentioned studies, a solution to a new security hole is applied to a host server whose device-setting information coincides with the information relating to the new security hole. As a result, the solution is applied to all host servers having the same device-setting information. However, host servers having the same device-setting information do not always suffer from the security hole. If the same solution is applied to all such host servers, a host or hosts to which the solution need not be applied may be afflicted with a new problem.